Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure ws version >= 8.17.1 #450

Merged
merged 1 commit into from
Jun 21, 2024
Merged

Ensure ws version >= 8.17.1 #450

merged 1 commit into from
Jun 21, 2024

Conversation

kmcginnes
Copy link
Collaborator

Description

There is a security advisory for ws package. It is installed in Graph Explorer, but only through devDependencies for jest-environment-jsdom

❯  pnpm why ws --recursive
Legend: production dependency, optional only, dev only

graph-explorer@1.7.0 graph-explorer/packages/graph-explorer

devDependencies:
jest-environment-jsdom 29.7.0
└─┬ jsdom 20.0.3
  └── ws 8.17.1

I've added an override to ensure the patched version is used.

Validation

Related Issues

Check List

  • I confirm that my contribution is made under the terms of the Apache 2.0
    license.
  • I have run pnpm checks to ensure code compiles and meets standards.
  • I have run pnpm test to check if all tests are passing.
  • I have covered new added functionality with unit tests if necessary.
  • I have added an entry in the Changelog.md.

@kmcginnes kmcginnes marked this pull request as ready for review June 21, 2024 18:59
@michaelnchin michaelnchin merged commit 190c515 into aws:main Jun 21, 2024
1 check passed
@kmcginnes kmcginnes deleted the fix-ws-dependency-version branch June 21, 2024 22:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelnchin michaelnchin michaelnchin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kmcginnes @michaelnchin